PT-2025-27611 · Nokia · Nokia Single Ran Baseband

Guillaume Teissier +3 · Published 2025-07-02 · Updated 2025-07-02 · CVE-2025-24333

CVSS v3.1: 6.4 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP
Description: The issue is an input validation fault in the administrative shell of the Nokia Single RAN baseband software. An authenticated admin user can potentially inject arbitrary commands, which are then executed by the unprivileged baseband OAM service process, by adding special characters to the baseband internal COMA config.xml file. The problem has been corrected in release 24R1-SR 1.0 MP and later by adding proper input validation to the OAM service process.
Recommendations: For versions prior to 24R1-SR 1.0 MP, update to release 24R1-SR 1.0 MP or later to resolve the issue. As a temporary workaround, consider restricting access to the baseband internal COMA config.xml file to prevent potential command injection.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-07980
CVE-2025-24333

Affected Products

Nokia Single Ran Baseband